MoodleNet/1.0/DPIA: Difference between revisions
From MoodleDocs
Doug Belshaw (talk | contribs) (Created page with "<< [https://docs.moodle.org/dev/MoodleNet Back to MoodleNet index] ----") |
Doug Belshaw (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
<< [https://docs.moodle.org/dev/MoodleNet Back to MoodleNet index] | << [https://docs.moodle.org/dev/MoodleNet Back to MoodleNet index] | ||
---- | |||
== Data Protection Impact Assessment == | |||
'''Current version:''' 0.1 (June 2019) | |||
According to the UK's [https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/ Information Commissioner's Office] (ICO) a Data Protection Impact Assessment (DPIA) is "a process to help you identify and minimise the data protection risks of a project". Under the terms of the EU's [https://en.wikipedia.org/wiki/General_Data_Protection_Regulation General Data Protection Regulation] (GDPR) is mandatory to create a DPIA "for processing that is likely to result in a high risk to individuals". However, it is also "good practice to do a DPIA for any other major project which requires the processing of personal data". | |||
As a result, this DPIA for MoodleNet aims to: | |||
* describe the nature, scope, context and purposes of the processing | |||
* assess necessity, proportionality and compliance measures | |||
* identify and assess risks to individuals | |||
* identify any additional measures to mitigate those risks | |||
---- | ---- |
Revision as of 13:53, 6 June 2019
Data Protection Impact Assessment
Current version: 0.1 (June 2019)
According to the UK's Information Commissioner's Office (ICO) a Data Protection Impact Assessment (DPIA) is "a process to help you identify and minimise the data protection risks of a project". Under the terms of the EU's General Data Protection Regulation (GDPR) is mandatory to create a DPIA "for processing that is likely to result in a high risk to individuals". However, it is also "good practice to do a DPIA for any other major project which requires the processing of personal data".
As a result, this DPIA for MoodleNet aims to:
- describe the nature, scope, context and purposes of the processing
- assess necessity, proportionality and compliance measures
- identify and assess risks to individuals
- identify any additional measures to mitigate those risks